CVE-2019-0319 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Sap	Gateway	7.5
Sap	Ui5	1.0.0

Related Weaknesses (CWE)

CWE-74 CWE-79

References

http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.ExploitThird Party Advisory
http://www.securityfocus.com/bid/109074Third Party AdvisoryVDB Entry
https://cxsecurity.com/ascii/WLB-2019050283Third Party Advisory
https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55fExploitThird Party Advisory
https://launchpad.support.sap.com/#/notes/2752614Permissions RequiredVendor Advisory
https://launchpad.support.sap.com/#/notes/2911267
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575Vendor Advisory
http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.ExploitThird Party Advisory
http://www.securityfocus.com/bid/109074Third Party AdvisoryVDB Entry
https://cxsecurity.com/ascii/WLB-2019050283Third Party Advisory
https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55fExploitThird Party Advisory
https://launchpad.support.sap.com/#/notes/2752614Permissions RequiredVendor Advisory
https://launchpad.support.sap.com/#/notes/2911267
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575Vendor Advisory

FAQ

What is CVE-2019-0319?

CVE-2019-0319 is a vulnerability with a CVSS score of 7.5 (HIGH). The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this infor...

How severe is CVE-2019-0319?

CVE-2019-0319 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-0319?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Gateway, Sap Ui5.